Application Serial No. 09/838749 
Supplemental Amendment 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the 
application. 

Listing of Claims: 

1 . (Previously Presented) A methodology framework for analyzing technology system 
including a plurality of components and for designing security into that system, the 
framework comprising: 

a first system which identifies the security threats for the solution; 

a second system having a security reference model comprising a plurality of 
interrelated and interdependent security subsystems, the security subsystems further 
comprising an audit subsystem, an integrity subsystem, and an information flow control 
subsystem, the second system to determine security properties and functions of the 
information technology system in terms of the security subsystems; 

a third system which is coupled to the second system and which allocates security 
properties to the components of the information technology system based upon the 
selected functions which are derived from the nature and number of the security 
subsystems within the information technology system; 

a fourth system which is coupled to the third system for allocating the security 
properties to the components of the information technology system and which identifies 
functional requirements for the components, in terms of the Common Criteria, in order to 
comply with the security properties of the component allocated by the third system; and 

a fifth system which is coupled to the fourth system and which documents the 
requirements for the security components for the information technology system. 

2. (Previously Presented) A framework for designing security into an information 
technology system including the elements of Claim 1 wherein the second system which 
identifies security properties of the information technology system includes a component 
which uses security subsystems for identifying security properties. 
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3. (Previously Presented) A framework for designing security into an information 
technology system including the elements of Claim 2 wherein the standard criteria for 
identifying security properties includes a system which maps functions of security 
subsystems to an ISO standard 15408, also known as Common Criteria. 

4. (Previously Presented) A framework for designing security into an information 
technology system including the elements of Claim 1 wherein the framework further 
includes a system which documents the solution and the security assumptions using a 
solution design security methodology. 

5. (Previously Presented) A framework for designing security into information 
technology system including the elements of Claim 4 wherein the framework further 
provides integrity assurance requirements using a standard set of criteria. 

6. (Previously Presented) A framework for designing security into an information 
technology system including the elements of Claim 5 wherein the standard set of criteria 
are in accordance with ISO 15408. 

7-20. (Cancelled) 
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